<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    <meta name="description" content="linux系统用户以及用户组管理"/>
    <meta name="keywords"
          content="nginx,freebsd,linux,mysql,shell,apache,centos,redhat,rhel,windows,sql,系统运维,IT运维,开源系统,开源系统运维"/>
    <title> linux系统用户以及用户组管理 </title>

</head>
<body bgcolor="#FFFFFF" text="#000000">
<div id="menu">
    <ul>
		<span style="FONT-SIZE: 10.5pt">

			<li><a href="index.htm" hidefocus="true" id="mn_list">linux入门教程</a></li>

		</span>
    </ul>
</div>
<p style="text-align: center;"><span style="font-family:'宋体';font-size:15pt;"><b>第七章</b></span><span
        style="font-family:'Calibri';font-size:15pt;"><b>	linux</b></span><span
        style="font-family:'宋体';font-size:15pt;"><b>系统用户以及用户组管理</b></span></p>
<p style="text-indent: 21pt;"><span style="font-family:'宋体';font-size:10.5pt;">关于这部分内容，笔者在日常的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">linux</span><span style="font-family:'宋体';font-size:10.5pt;">系统管理工作中用到的并不多，但这并不代表该内容不重要</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">毕竟</span><span
        style="font-family:'Calibri';font-size:10.5pt;">linux</span><span style="font-family:'宋体';font-size:10.5pt;">系统是一个多用户的系统，每个账号都干什么用，你必须了如指掌</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">因为这涉及到一个安全的问题</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>


<p><span style="font-family:'Calibri';font-size:10.5pt;"><b>【</b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>认识</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>/etc/passwd</b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>和</b></span><span style="font-family:'Calibri';font-size:10.5pt;"><b>/etc/shadow】</b></span>
</p>
<p style="text-indent: 21pt;"><span style="font-family:'宋体';font-size:10.5pt;">这两个文件可以说是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">linux</span><span style="font-family:'宋体';font-size:10.5pt;">系统中最重要的文件之一</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">如果没有这两个文件或者这两个文件出问题，则你是无法正常登录</span><span
        style="font-family:'Calibri';font-size:10.5pt;">linux</span><span
        style="font-family:'宋体';font-size:10.5pt;">系统的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_1.png"></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">由</span><span
        style="font-family:'Calibri';font-size:10.5pt;">’:’</span><span
        style="font-family:'宋体';font-size:10.5pt;">分割成</span><span
        style="font-family:'Calibri';font-size:10.5pt;">7</span><span style="font-family:'宋体';font-size:10.5pt;">个字段，每个字段的具体含义是：</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">1</span><span style="font-family:'宋体';font-size:10.5pt;">）用户名（如第一行中的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">就是用户名），代表用户账号的字符串</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">用户名字符可以是大小写字母</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span
        style="font-family:'宋体';font-size:10.5pt;">数字</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span style="font-family:'宋体';font-size:10.5pt;">减号（不能出现在首位）</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span style="font-family:'宋体';font-size:10.5pt;">点以及下划线，其他字符不合法</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">虽然用户名中可以出现点，但不建议使用，尤其是首位为点时，另外减号也不建议使用，因为容易造成混淆</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">2</span><span style="font-family:'宋体';font-size:10.5pt;">）存放的就是该账号的口令，为什么是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">’x’</span><span
        style="font-family:'宋体';font-size:10.5pt;">呢？早期的</span><span style="font-family:'Calibri';font-size:10.5pt;">unix</span><span
        style="font-family:'宋体';font-size:10.5pt;">系统口令确实是存放在这里，但基于安全因素，后来就将其存放到</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/shadow</span><span
        style="font-family:'宋体';font-size:10.5pt;">中了，在这里只用一个</span><span
        style="font-family:'Calibri';font-size:10.5pt;">’x’</span><span
        style="font-family:'宋体';font-size:10.5pt;">代替</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">3</span><span style="font-family:'宋体';font-size:10.5pt;">）这个数字代表用户标识号，也叫做</span><span
        style="font-family:'Calibri';font-size:10.5pt;">uid。</span><span style="font-family:'宋体';font-size:10.5pt;">系统识别用户身份就是通过这个数字来的，</span><span
        style="font-family:'Calibri';font-size:10.5pt;">0</span><span
        style="font-family:'宋体';font-size:10.5pt;">就是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">，也就是说你可以修改</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span
        style="font-family:'宋体';font-size:10.5pt;">用户的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">uid</span><span
        style="font-family:'宋体';font-size:10.5pt;">为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">0</span><span style="font-family:'宋体';font-size:10.5pt;">，那么系统会认为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">和</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span style="font-family:'宋体';font-size:10.5pt;">为同一个账户</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">通常</span><span
        style="font-family:'Calibri';font-size:10.5pt;">uid</span><span style="font-family:'宋体';font-size:10.5pt;">的取值范围是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">0~65535</span><span
        style="font-family:'宋体';font-size:10.5pt;">，</span><span
        style="font-family:'Calibri';font-size:10.5pt;">0</span><span
        style="font-family:'宋体';font-size:10.5pt;">是超级用户（</span><span style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">）的标识号，</span><span style="font-family:'Calibri';font-size:10.5pt;">1~499</span><span
        style="font-family:'宋体';font-size:10.5pt;">由系统保留，作为管理账号，普通用户的标识号从</span><span
        style="font-family:'Calibri';font-size:10.5pt;">500</span><span style="font-family:'宋体';font-size:10.5pt;">开始，如果我们自定义建立一个普通用户，你会看到该账户的标识号是大于或等于</span><span
        style="font-family:'Calibri';font-size:10.5pt;">500</span><span
        style="font-family:'宋体';font-size:10.5pt;">的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">4</span><span style="font-family:'宋体';font-size:10.5pt;">）表示组标识号，也叫做</span><span
        style="font-family:'Calibri';font-size:10.5pt;">gid。</span><span style="font-family:'宋体';font-size:10.5pt;">这个字段对应着</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/group </span><span
        style="font-family:'宋体';font-size:10.5pt;">中的一条记录，其实</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/group</span><span
        style="font-family:'宋体';font-size:10.5pt;">和</span><span style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">基本上类似</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">5</span><span style="font-family:'宋体';font-size:10.5pt;">）注释说明，该字段没有实际意义，通常记录该用户的一些属性，例如姓名</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span
        style="font-family:'宋体';font-size:10.5pt;">电话</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span
        style="font-family:'宋体';font-size:10.5pt;">地址等等</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">不过，当你使用</span><span style="font-family:'Calibri';font-size:10.5pt;">finger</span><span
        style="font-family:'宋体';font-size:10.5pt;">的功能时就会显示这些信息的（稍后做介绍）</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">6</span><span style="font-family:'宋体';font-size:10.5pt;">）用户的家目录，当用户登录时就处在这个目录下</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。root</span><span style="font-family:'宋体';font-size:10.5pt;">的家目录是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/root</span><span style="font-family:'宋体';font-size:10.5pt;">，普通用户的家目录则为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/home/username</span><span
        style="font-family:'宋体';font-size:10.5pt;">，这个字段是可以自定义的，比如你建立一个普通用户</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test1</span><span style="font-family:'宋体';font-size:10.5pt;">，要想让</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test1</span><span style="font-family:'宋体';font-size:10.5pt;">的家目录在</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/data</span><span style="font-family:'宋体';font-size:10.5pt;">目录下，只要修改</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">文件中</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test1</span><span style="font-family:'宋体';font-size:10.5pt;">那行中的该字段为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/data</span><span
        style="font-family:'宋体';font-size:10.5pt;">即可</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">7</span><span
        style="font-family:'宋体';font-size:10.5pt;">）</span><span
        style="font-family:'Calibri';font-size:10.5pt;">shell</span><span style="font-family:'宋体';font-size:10.5pt;">，用户登录后要启动一个进程，用来将用户下达的指令传给内核，这就是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">shell。Linux</span><span
        style="font-family:'宋体';font-size:10.5pt;">的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">shell</span><span style="font-family:'宋体';font-size:10.5pt;">有很多种</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sh, csh, ksh, tcsh, bash</span><span
        style="font-family:'宋体';font-size:10.5pt;">等，而</span><span style="font-family:'Calibri';font-size:10.5pt;">Redhat/CentOS</span><span
        style="font-family:'宋体';font-size:10.5pt;">的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">shell</span><span
        style="font-family:'宋体';font-size:10.5pt;">就是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">bash。</span><span
        style="font-family:'宋体';font-size:10.5pt;">查看</span><span style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">文件，该字段中除了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/bin/bash</span><span
        style="font-family:'宋体';font-size:10.5pt;">外还有</span><span style="font-family:'Calibri';font-size:10.5pt;">/sbin/nologin</span><span
        style="font-family:'宋体';font-size:10.5pt;">比较多，它表示不允许该账号登录</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">如果你想建立一个账号不让他登录，那么就可以把该字段改成</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/sbin/nologin</span><span
        style="font-family:'宋体';font-size:10.5pt;">，默认是</span><span style="font-family:'Calibri';font-size:10.5pt;">/bin/bash。</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_12.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">再来看看</span><span style="font-family:'Calibri';font-size:10.5pt;">/etc/shadow</span><span
        style="font-family:'宋体';font-size:10.5pt;">这个文件，和</span><span style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">类似，用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">”:”</span><span
        style="font-family:'宋体';font-size:10.5pt;">分割成</span><span
        style="font-family:'Calibri';font-size:10.5pt;">9</span><span
        style="font-family:'宋体';font-size:10.5pt;">个字段</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">1</span><span
        style="font-family:'宋体';font-size:10.5pt;">）用户名，跟</span><span style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">对应</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">2</span><span style="font-family:'宋体';font-size:10.5pt;">）用户密码，这个才是该账号的真正的密码，不过这个密码已经加密过了，但是有些黑客还是能够解密的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">所以为了安全，该文件属性设置为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">600</span><span
        style="font-family:'宋体';font-size:10.5pt;">，只允许</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">读写</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">3</span><span style="font-family:'宋体';font-size:10.5pt;">）上次更改密码的日期，这个数字是这样计算得来的，距离</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1970</span><span
        style="font-family:'宋体';font-size:10.5pt;">年</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1</span><span
        style="font-family:'宋体';font-size:10.5pt;">月</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1</span><span style="font-family:'宋体';font-size:10.5pt;">日到上次更改密码的日期，例如上次更改密码的日期为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">2012</span><span
        style="font-family:'宋体';font-size:10.5pt;">年</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1</span><span
        style="font-family:'宋体';font-size:10.5pt;">月</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1</span><span style="font-family:'宋体';font-size:10.5pt;">日，则这个值就是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">365*</span><span
        style="font-family:'宋体';font-size:10.5pt;">（</span><span style="font-family:'Calibri';font-size:10.5pt;">2012-1970</span><span
        style="font-family:'宋体';font-size:10.5pt;">）</span><span style="font-family:'Calibri';font-size:10.5pt;">+1=15331。</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">4</span><span style="font-family:'宋体';font-size:10.5pt;">）要过多少天才可以更改密码，默认是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">0</span><span
        style="font-family:'宋体';font-size:10.5pt;">，即不限制</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">5</span><span style="font-family:'宋体';font-size:10.5pt;">）密码多少天后到期</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">即在多少天内必须更改密码，例如这里设置成</span><span
        style="font-family:'Calibri';font-size:10.5pt;">30</span><span
        style="font-family:'宋体';font-size:10.5pt;">，则</span><span
        style="font-family:'Calibri';font-size:10.5pt;">30</span><span style="font-family:'宋体';font-size:10.5pt;">天内必须更改一次密码，否则将不能登录系统，默认是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">99999</span><span style="font-family:'宋体';font-size:10.5pt;">，可以理解为永远不需要改</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">6</span><span style="font-family:'宋体';font-size:10.5pt;">）密码到期前的警告期限，若这个值设置成</span><span
        style="font-family:'Calibri';font-size:10.5pt;">7</span><span
        style="font-family:'宋体';font-size:10.5pt;">，则表示当</span><span
        style="font-family:'Calibri';font-size:10.5pt;">7</span><span style="font-family:'宋体';font-size:10.5pt;">天后密码过期时，系统就发出警告告诉用户，提醒用户他的密码将在</span><span
        style="font-family:'Calibri';font-size:10.5pt;">7</span><span
        style="font-family:'宋体';font-size:10.5pt;">天后到期</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">7</span><span style="font-family:'宋体';font-size:10.5pt;">）账号失效期限</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">你可以这样理解，如果设置这个值为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">3</span><span style="font-family:'宋体';font-size:10.5pt;">，则表示：密码已经到期，然而用户并没有在到期前修改密码，那么再过</span><span
        style="font-family:'Calibri';font-size:10.5pt;">3</span><span style="font-family:'宋体';font-size:10.5pt;">天，则这个账号就失效了，即锁定了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">8</span><span style="font-family:'宋体';font-size:10.5pt;">）账号的生命周期，跟第三段一样，是按距离</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1970</span><span
        style="font-family:'宋体';font-size:10.5pt;">年</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1</span><span
        style="font-family:'宋体';font-size:10.5pt;">月</span><span
        style="font-family:'Calibri';font-size:10.5pt;">1</span><span
        style="font-family:'宋体';font-size:10.5pt;">日多少天算的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">它表示的含义是，账号在这个日期前可以使用，到期后账号作废</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">9</span><span style="font-family:'宋体';font-size:10.5pt;">）作为保留用的，没有什么意义</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><b>【</b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>新增</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>/</b></span><span style="font-family:'宋体';font-size:10.5pt;"><b>删除用户和用户组</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>】</b></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">a. </span><span style="font-family:'宋体';font-size:10.5pt;">新增一个组</span><span
        style="font-family:'Calibri';font-size:10.5pt;">  groupadd  [-g GID]  groupname</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_13.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">不加</span><span
        style="font-family:'Calibri';font-size:10.5pt;">-g </span><span style="font-family:'宋体';font-size:10.5pt;">则按照系统默认的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">gid</span><span style="font-family:'宋体';font-size:10.5pt;">创建组，跟用户一样，</span><span
        style="font-family:'Calibri';font-size:10.5pt;">gid</span><span
        style="font-family:'宋体';font-size:10.5pt;">也是从</span><span
        style="font-family:'Calibri';font-size:10.5pt;">500</span><span
        style="font-family:'宋体';font-size:10.5pt;">开始的</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_14.png"></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-g</span><span style="font-family:'宋体';font-size:10.5pt;">选项可以自定义</span><span
        style="font-family:'Calibri';font-size:10.5pt;">gid</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">b. </span><span
        style="font-family:'宋体';font-size:10.5pt;">删除组</span><span style="font-family:'Calibri';font-size:10.5pt;">  gropudel  groupname </span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_15.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">没有特殊选项</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">c. </span><span
        style="font-family:'宋体';font-size:10.5pt;">增加用户</span><span style="font-family:'Calibri';font-size:10.5pt;">  useradd [-u UID] [-g GID]  [-d HOME] [-M] [-s]</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-u  </span><span
        style="font-family:'宋体';font-size:10.5pt;">自定义</span><span
        style="font-family:'Calibri';font-size:10.5pt;">UID</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-g  </span><span style="font-family:'宋体';font-size:10.5pt;">使其属于已经存在的某个</span><span
        style="font-family:'Calibri';font-size:10.5pt;">GID</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-d  </span><span style="font-family:'宋体';font-size:10.5pt;">自定义用户的家目录</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-M	</span><span style="font-family:'宋体';font-size:10.5pt;">不建立家目录</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-s	</span><span style="font-family:'宋体';font-size:10.5pt;">自定义</span><span
        style="font-family:'Calibri';font-size:10.5pt;">shell</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_16.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">你会发现，创建</span><span style="font-family:'Calibri';font-size:10.5pt;">test11</span><span
        style="font-family:'宋体';font-size:10.5pt;">时，加上了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">-M</span><span
        style="font-family:'宋体';font-size:10.5pt;">选项后，在</span><span style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">文件中</span><span style="font-family:'Calibri';font-size:10.5pt;">test11</span><span
        style="font-family:'宋体';font-size:10.5pt;">那行的第六字段依然有</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/home/test11</span><span
        style="font-family:'宋体';font-size:10.5pt;">，可是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">ls</span><span style="font-family:'宋体';font-size:10.5pt;">查看该目录时，会提示该目录不存在</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_17.png"></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-M</span><span style="font-family:'宋体';font-size:10.5pt;">选项的作用就是不创建用户的家目录</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-d. </span><span style="font-family:'宋体';font-size:10.5pt;">删除用户</span><span
        style="font-family:'Calibri';font-size:10.5pt;">  userdel  [-r]  username</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_18.png"></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">-r </span><span style="font-family:'宋体';font-size:10.5pt;">选项的作用是删除用户时，连同用户的家目录一起删除</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><b>【chfn  </b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>更改用户的</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>finger </b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>（不常用）</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>】</b></span></p>
<p style="text-indent: 21pt;"><span style="font-family:'宋体';font-size:10.5pt;">前面内容中提到了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">findger</span><span style="font-family:'宋体';font-size:10.5pt;">，即在</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">文件中的第</span><span
        style="font-family:'Calibri';font-size:10.5pt;">5</span><span style="font-family:'宋体';font-size:10.5pt;">个字段中所显示的信息，那么如何去设定这个信息呢？</span>
</p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_19.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">就是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">chfn</span><span style="font-family:'宋体';font-size:10.5pt;">这个命令了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">修改完后，就会在</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/passwd</span><span
        style="font-family:'宋体';font-size:10.5pt;">文件中的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span style="font-family:'宋体';font-size:10.5pt;">的那一行第五个字段中看到相关信息了，默认是空的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><b>【</b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>创建</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>/</b></span><span style="font-family:'宋体';font-size:10.5pt;"><b>修改一个用户的密码</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>   “passwd  [username]”】</b></span></p>
<p style="text-indent: 21pt;"><span
        style="font-family:'宋体';font-size:10.5pt;">等创建完账户后，默认是没有设置密码的，虽然没有密码，但该账户同样登录不了系统</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">只有设置好密码后方可登录系统</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p style="text-indent: 21pt;"><span style="font-family:'宋体';font-size:10.5pt;">为用户创建密码时，为了安全起见，请尽量设置复杂一些</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">你可以按照这样的规则来设置密码：</span><span
        style="font-family:'Calibri';font-size:10.5pt;">a. </span><span
        style="font-family:'宋体';font-size:10.5pt;">长度大于</span><span
        style="font-family:'Calibri';font-size:10.5pt;">10</span><span
        style="font-family:'宋体';font-size:10.5pt;">个字符；</span><span
        style="font-family:'Calibri';font-size:10.5pt;">b. </span><span style="font-family:'宋体';font-size:10.5pt;">密码中包含大小写字母数字以及特殊字符（</span><span
        style="font-family:'Calibri';font-size:10.5pt;">*&amp;</span><span style="font-family:'宋体';font-size:10.5pt;">等）；</span><span
        style="font-family:'Calibri';font-size:10.5pt;">c. </span><span style="font-family:'宋体';font-size:10.5pt;">不规则性（不要出现</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root, happy, love, linux, 123456, 111111</span><span
        style="font-family:'宋体';font-size:10.5pt;">等等单词或者数字）；</span><span
        style="font-family:'Calibri';font-size:10.5pt;">d. </span><span style="font-family:'宋体';font-size:10.5pt;">不要带有自己名字</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span
        style="font-family:'宋体';font-size:10.5pt;">公司名字</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span
        style="font-family:'宋体';font-size:10.5pt;">自己电话</span><span
        style="font-family:'Calibri';font-size:10.5pt;">、</span><span
        style="font-family:'宋体';font-size:10.5pt;">自己生日等</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_20.png"></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">passwd </span><span style="font-family:'宋体';font-size:10.5pt;">后面不跟用户名则是更改当前用户的密码，当前用户为</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">，所以此时修改的是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">的密码，后面跟</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span style="font-family:'宋体';font-size:10.5pt;">则修改的是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span
        style="font-family:'宋体';font-size:10.5pt;">的密码</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><b>【</b></span><span
        style="font-family:'宋体';font-size:10.5pt;"><b>用户身份切换</b></span><span
        style="font-family:'Calibri';font-size:10.5pt;"><b>】</b></span></p>
<p style="text-indent: 21pt;"><span style="font-family:'Calibri';font-size:10.5pt;">Linux</span><span
        style="font-family:'宋体';font-size:10.5pt;">系统中，有时候普通用户有些事情是不能做的，除非是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">用户才能做到</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">这时就需要临时切换到</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">身份来做事了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_21.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span
        style="font-family:'宋体';font-size:10.5pt;">账号登录</span><span style="font-family:'Calibri';font-size:10.5pt;">linux</span><span
        style="font-family:'宋体';font-size:10.5pt;">系统，然后使用</span><span style="font-family:'Calibri';font-size:10.5pt;">su - </span><span
        style="font-family:'宋体';font-size:10.5pt;">就可以切换成</span><span style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">身份，前提是知道</span><span style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">的密码</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_29.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">你可以使用</span><span style="font-family:'Calibri';font-size:10.5pt;">echo  $LOGNAME</span><span
        style="font-family:'宋体';font-size:10.5pt;">来查看当前登录的用户名</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_30.png"></span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">su </span><span style="font-family:'宋体';font-size:10.5pt;">的语法为：</span><span
        style="font-family:'Calibri';font-size:10.5pt;"> su [-] username </span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">后面可以跟</span><span style="font-family:'Calibri';font-size:10.5pt;">”-”</span><span
        style="font-family:'宋体';font-size:10.5pt;">也可以不跟，普通用户</span><span
        style="font-family:'Calibri';font-size:10.5pt;">su</span><span
        style="font-family:'宋体';font-size:10.5pt;">不加</span><span style="font-family:'Calibri';font-size:10.5pt;">username</span><span
        style="font-family:'宋体';font-size:10.5pt;">时就是切换到</span><span style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">用户，当然</span><span style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">用户同样可以</span><span
        style="font-family:'Calibri';font-size:10.5pt;">su</span><span
        style="font-family:'宋体';font-size:10.5pt;">到普通用户</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_31.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">加</span><span
        style="font-family:'Calibri';font-size:10.5pt;">”-“</span><span style="font-family:'宋体';font-size:10.5pt;">后会连同用户的环境变量一起切换过来</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。su test </span><span
        style="font-family:'宋体';font-size:10.5pt;">后虽然切换到了</span><span style="font-family:'Calibri';font-size:10.5pt;">test</span><span
        style="font-family:'宋体';font-size:10.5pt;">用户，但是当前目录还是切换前的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/root</span><span style="font-family:'宋体';font-size:10.5pt;">目录，然后当用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">su - test</span><span
        style="font-family:'宋体';font-size:10.5pt;">时切换用户后则到了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span
        style="font-family:'宋体';font-size:10.5pt;">的家目录</span><span style="font-family:'Calibri';font-size:10.5pt;">/home/test。</span><span
        style="font-family:'宋体';font-size:10.5pt;">当用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">切换普通用户时，是不需要输入密码的</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">这也体现了</span><span style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">用户至高无上的权利</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;">	</span><span
        style="font-family:'宋体';font-size:10.5pt;">用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">su</span><span style="font-family:'宋体';font-size:10.5pt;">是可以切换用户身份，如果每个普通用户都能切换到</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">身份，如果某个用户不小心泄漏了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">的密码，那岂不是系统非常的不安全？没有错，为了改进这个问题，产生了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span
        style="font-family:'宋体';font-size:10.5pt;">这个命令</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">使用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span
        style="font-family:'宋体';font-size:10.5pt;">执行一个</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">才能执行的命令是可以办到的，但是需要输入密码，这个密码并不是</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">的密码而是用户自己的密码</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">默认只有</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">用户能使用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span style="font-family:'宋体';font-size:10.5pt;">命令，普通用户想要使用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span
        style="font-family:'宋体';font-size:10.5pt;">，是需要</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span style="font-family:'宋体';font-size:10.5pt;">预先设定的，即，使用</span><span
        style="font-family:'Calibri';font-size:10.5pt;">visudo</span><span style="font-family:'宋体';font-size:10.5pt;">命令去编辑相关的配置文件</span><span
        style="font-family:'Calibri';font-size:10.5pt;">/etc/sudoers。</span><span
        style="font-family:'宋体';font-size:10.5pt;">如果没有</span><span style="font-family:'Calibri';font-size:10.5pt;">visudo</span><span
        style="font-family:'宋体';font-size:10.5pt;">这个命令，请使用</span><span style="font-family:'Calibri';font-size:10.5pt;">” yum install -y sudo”</span><span
        style="font-family:'宋体';font-size:10.5pt;">安装</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_32.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">默认</span><span
        style="font-family:'Calibri';font-size:10.5pt;">root</span><span
        style="font-family:'宋体';font-size:10.5pt;">能够</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span style="font-family:'宋体';font-size:10.5pt;">是因为这个文件中有一行</span><span
        style="font-family:'Calibri';font-size:10.5pt;">” root   ALL=(ALL)  ALL” </span><span
        style="font-family:'宋体';font-size:10.5pt;">在该行下面加入</span><span style="font-family:'Calibri';font-size:10.5pt;">” test    ALL=(ALL)    ALL”</span><span
        style="font-family:'宋体';font-size:10.5pt;">就可以让</span><span
        style="font-family:'Calibri';font-size:10.5pt;">test</span><span style="font-family:'宋体';font-size:10.5pt;">用户拥有了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span
        style="font-family:'宋体';font-size:10.5pt;">的权利</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">如果每增加一用户就设置一行，这样太麻烦了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">所以你可以这样设置</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_33.png"></span></p>
<p><span style="font-family:'宋体';font-size:10.5pt;">把这一行前面的</span><span style="font-family:'Calibri';font-size:10.5pt;">”#”</span><span
        style="font-family:'宋体';font-size:10.5pt;">去掉，让这一行生效</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span
        style="font-family:'宋体';font-size:10.5pt;">它的意思是，</span><span style="font-family:'Calibri';font-size:10.5pt;">wheel</span><span
        style="font-family:'宋体';font-size:10.5pt;">这个组的所有用户都拥有了</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span
        style="font-family:'宋体';font-size:10.5pt;">的权利</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span><span style="font-family:'宋体';font-size:10.5pt;">接下来就需要你把想让有</span><span
        style="font-family:'Calibri';font-size:10.5pt;">sudo</span><span style="font-family:'宋体';font-size:10.5pt;">权利的所有用户加入到</span><span
        style="font-family:'Calibri';font-size:10.5pt;">wheel</span><span style="font-family:'宋体';font-size:10.5pt;">这个组中即可</span><span
        style="font-family:'Calibri';font-size:10.5pt;">。</span></p>
<p><span style="font-family:'Calibri';font-size:10.5pt;"><img src="7_34.png">&nbsp;</span></p>

<p style="text-align: justify;"><span style="font-family:'宋体';font-size:10.5pt;">上一页 <a
        href="6.htm">Linux文件与目录管理</a></span></p>
<p style="text-align: justify;"><span style="font-family:'宋体';font-size:10.5pt;">下一页 <a
        href="8.htm">Linux磁盘管理</a></span></p>
<p style="line-height: 150%;"><span style="font-family:'宋体';font-size:10.5pt;"><a
        href="index.htm">回到主目录</a>&nbsp;</span></p>

</body>
</html>